Unauthorized Plugin Installation in WordPress Plugins by Inisev
CVE-2023-0958

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Ssl Mixed Content Fix; Duplicate Post; Social Share Icons & Social Share Buttons; Ultimate Posts Widget
Vendor: CVE Published:; 28 July 2023

What is CVE-2023-0958?

Multiple WordPress plugins developed by Inisev are susceptible to a critical weakness that permits authenticated users, even those with minimal permissions, such as subscribers, to install specific plugins without proper authorization. This arises from a lack of capability verification in the function handling plugin installations, leading to potential exploitation and unauthorized control over affected sites. It is crucial for users of these plugins to take immediate action to secure their installations and prevent unwanted access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Backup Migration * <= 1.2.7

Clone * <= 2.3.7

Duplicate Post * <= 1.3.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/feedburner-alt...

https://plugins.trac.wordpress.org/browser/ultimate-socia...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 28, 2023
Vulnerability Reserved
Feb 22, 2023

Credit

Chloe Chamberland

JSON

Wordpress

What is CVE-2023-0958?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.